[Rspamd-Users] Spam from my own address not detected

Andrew Lewis rspamd-users at judo.za.org
Wed Apr 28 07:44:24 UTC 2021 

Hi Yves,

It looks like you've enabled greylisting but not configured Exim to  
honour the 'soft reject' action - you'll want to do that, or disable  
greylisting - or you'll get bad results. There's an example at  
https://rspamd.com/doc/integration.html#integration-with-exim-mta

The envelope sender of the mail in question is empty so SPF is not  
applicable here. Consider publishing DMARC policy.

Best,
-AL.

Quoting Yves Goergen <nospam.list at unclassified.de>:

> Hello,
>
> I keep getting spam mail that has my own e-mail address as envelope  
> sender. Then I look in the Rspamd log and see that it has this label:
>
> R_SPF_NA (0) [no SPF record]
>
> The tooltip says:
>
> Missing SPF record
>
> Something's wrong here. My domains all have SPF and DKIM records.  
> Why do I see this message here? What does it mean?
>
> These are the full headers of one of such messages as I receive it:
>
> ----------
>
> Return-path: <>
> Envelope-to: y****@unclassified.de
> Delivery-date: Tue, 27 Apr 2021 21:14:07 +0200
> Received: from  
> astmpdsfsdf-i61telefonica.westeurope.cloudapp.azure.com  
> ([23.97.207.120] helo=p89t.resellerratings.com)
> 	by dotforward.de with esmtp (Exim 4.93)
> 	id 1lbT9m-004BGJ-9y
> 	for y****@unclassified.de; Tue, 27 Apr 2021 21:14:07 +0200
> Content-Transfer-Encoding: 7bit
> Content-Type: text/html; charset="UTF-8"
> Date: Tue, 27 Apr 2021 18:53:18 +0200
> To: y****@unclassified.de
> From: "Bitcoin-Handel"  <y****@unclassified.de>
> Subject:  
> =?utf-8?Q?Der_Preis_von_Bitcoin_ist_h=C3=B6her_als_seit_zwei_Jahren?=
> MIME-Version: 1.0
> Message-Id: <E1lbT9m-004BGJ-9y at dotforward.de>
> X-Spam-Score: 3.6 (+++)
> X-Spam-Report: Scanned by the dotforward mail server
> 	HFILTER_HELO_NORES_A_OR_MX(0.30)
> 	TO_DN_NONE(0.00)
> 	HFILTER_HELO_IP_A(1.00)
> 	SEM_URIBL_FRESH15_UNKNOWN_FAIL(0.00)
> 	URIBL_MULTI_FAIL(0.00)
> 	RCVD_COUNT_ONE(0.00)
> 	RCVD_NO_TLS_LAST(0.10)
> 	TO_EQ_FROM(0.00)
> 	R_DKIM_NA(0.00)
> 	MIME_TRACE(0.00)
> 	ASN(0.00)
> 	SPAMHAUS_FAIL(0.00)
> 	RSPAMD_URIBL_FAIL(0.00)
> 	ONCE_RECEIVED(0.10)
> 	ARC_NA(0.00)
> 	SEM_URIBL_UNKNOWN_FAIL(0.00)
> 	FROM_HAS_DN(0.00)
> 	TO_MATCH_ENVRCPT_ALL(0.00)
> 	SURBL_MULTI_FAIL(0.00)
> 	RCPT_COUNT_ONE(0.00)
> 	DBL_FAIL(0.00)
> 	BLOCKLISTDE_FAIL(0.00)
> 	DMARC_DNSFAIL(0.00)
> 	MIME_HTML_ONLY(0.20)
> 	R_SPF_NA(0.00)
> 	HFILTER_URL_ONLY(1.87)
> 	GREYLIST(0.00)
>  Message: Try again later
>
> ----------
>
> These are all symbols of the entry in Rspamd:
>
> ----------
>
> HFILTER_URL_ONLY (1.871642) [0.85074626865672]
> HFILTER_HELO_IP_A (1) [p89t.resellerratings.com]
> HFILTER_HELO_NORES_A_OR_MX (0.3) [p89t.resellerratings.com]
> MIME_HTML_ONLY (0.2)
> ONCE_RECEIVED (0.1)
> RCVD_NO_TLS_LAST (0.1)
> SPAMHAUS_FAIL (0) [23.97.207.120:query timed out]
> SEM_URIBL_UNKNOWN_FAIL (0) [farsjoo.com:query timed  
> out,unclassified.de:query timed out]
> TO_EQ_FROM (0)
> GREYLIST (0) [greylisted,Tue, 27 Apr 2021 19:19:07 GMT,new record]
> ASN (0) [asn:8075, ipnet:23.96.0.0/14, country:US]
> SEM_URIBL_FRESH15_UNKNOWN_FAIL (0) [farsjoo.com:query timed  
> out,unclassified.de:query timed out]
> MIME_TRACE (0) [0:~]
> RCPT_COUNT_ONE (0) [1]
> RSPAMD_URIBL_FAIL (0) [farsjoo.com:query timed  
> out,unclassified.de:query timed out]
> URIBL_MULTI_FAIL (0) [unclassified.de:query timed  
> out,farsjoo.com:query timed out]
> R_DKIM_NA (0)
> BLOCKLISTDE_FAIL (0) [23.97.207.120:query timed out]
> R_SPF_NA (0) [no SPF record]
> SURBL_MULTI_FAIL (0) [farsjoo.com:query timed  
> out,unclassified.de:query timed out]
> DBL_FAIL (0) [farsjoo.com:query timed out]
> TO_DN_NONE (0)
> ARC_NA (0)
> RCVD_COUNT_ONE (0) [1]
> DMARC_DNSFAIL (0) [unclassified.de : query timed out]
> TO_MATCH_ENVRCPT_ALL (0)
> FROM_HAS_DN (0)
>
> ----------
> -- 
> Users mailing list
> Users at lists.rspamd.com
> https://lists.rspamd.com/mailman/listinfo/users

More information about the Users mailing list